<?php
basename($_SERVER["PHP_SELF"]) == 'inc.admin.php' && exit('Invalid Access!');

//ini_set('display_errors', true);
error_reporting(E_ALL & ~E_NOTICE);

header("Cache-Control: no-cache");
session_start();
require_once("../inc.config.php");
require_once(M_ROOT."/functions/common/common.php");
require_once(M_ROOT."/functions/general_function.php");
require_once(M_ROOT."/functions/downline/downline_function.php");
require_once(M_ROOT."/functions/comm/comm_function.php");
require_once(M_ROOT."/functions/print/print_function.php");
require_once(M_ROOT."/functions/category/category_function.php");
require_once(M_ROOT."/functions/product/product_function.php");
require_once(M_ROOT."/functions/file/file_function.php");
require_once(M_ROOT."/functions/image/image_function.php");
require_once(M_ROOT."/functions/forms/forms_function.php");
require_once(M_ROOT."/functions/search/search_function.php");
require_once(M_ROOT."/e.dbv.php");
require_once("initialize.php");
require_once("functions/fn_admin.php");

initialize();
$settings = get_settings('admin_maintenance');
if(verify_admin_sess_data() && $settings['admin_maintenance'] == 'y' && $_SESSION["aid"] != 18){
	print format_admin_page("Site is under maintenance now, please come back later. We are sorry for any inconvenience caused.", $vars['member_title'], $vars['member_title']);
	exit;
}

$vars["this_file"]=$this_file=basename($_SERVER["PHP_SELF"]);
$vars["admin_title"]="$vars[title] Administrative Panel";
$db=$vars["db"];
$inputbox_style="class='inputbox' style=\"width:100%;\"";

if(!verify_admin_sess_data()){
 if($_GET["aj"]){//this is an AJAX call
  print format_xml(array("loggedout"=>"loggedout"));
  exit();
 }else{
  $admin_logged=admin_login();
 }
}else{
 $admin_logged=1;
}

if(!$admin_logged){
 exit();
}

if(false){
	print format_admin_page("Site is under maintenance now, please come back later. We are sorry for any inconvenience caused.", $vars['admin_title']);
	exit;
}

//#####lines below only execute when admin is logged in
/*##### FORM POST/GET #####*/
if(count($_POST)){$posting=1; $temp=get_post(); $post_a=$temp["post_a"]; $post_s=$temp["post_s"]; $post_d=$temp["post_d"]; $post_h=$temp["post_h"];}
if(count($_GET)){$getting=1; $temp=get_get(); $get_a=$temp["get_a"]; $get_s=$temp["get_s"]; $get_d=$temp["get_d"]; $get_h=$temp["get_h"];}
if(count($_COOKIE)){$temp=get_cookie(); $cookie_a=$temp["cookie_a"]; $cookie_s=$temp["cookie_s"]; $cookie_d=$temp["cookie_d"]; $cookie_h=$temp["cookie_h"];}

$adminid=$aid=$_SESSION["aid"];
$pv=get_admin_privilege($aid);
//#####finish if admin logged execution

//##### ADMIN MENU #####
function get_admin_menu($pv){
$task_pv_all=task_pv();

//tasks privileges details
for($i=0,$t=count($task_pv_all);$i<$t;$i++){
 $task=$task_pv_all[$i][0];
 $file=$task_pv_all[$i][1];
 $order=$task_pv_all[$i][2];
 $tpv[$order]["name"]=$task;
 $tpv[$order]["pv"]=$pv["task"][$task];
 $tpv[$order]["file"]=$file;
}

//menu
$j=0;
for($i=0,$t=count($tpv);$i<$t;$i++){
 if(isset($tpv[$i]) && $tpv[$i]["file"]!=""){
  $menu_item.=($tpv[$i]["pv"]? "
<div><a href='".$tpv[$i]["file"]."'>".($j+3).". ".$tpv[$i]["name"]."</a></div>" : "");
  $j++;
 }
}
$menu="
<div class='menu_item'>
<div><a href='index.php'>1. Admin Home</a></div>
<div><a href='profile.php'>2. Profile</a></div>
$menu_item
<div><a href='logout.php'>".($j+3).". Logout</a></div>
</div>";
return $menu;
}

function get_admin_db_menu($pv){
$dbpvt=$pv["db"];
 //table list
 $db_list_file="db_table_list.php";
 $r_table_list=get_db_table();
 for($i=0;$i<count($r_table_list);$i++){
  ($tr_table[$r_table_list[$i]]["name"])? $table_name=$tr_table[$r_table_list[$i]]["name"]: $table_name=$r_table_list[$i];
  $table_menu_row.=($pv["db"][$r_table_list[$i]]["view"]? "<div><a href='$db_list_file?tbl=".urlencode($r_table_list[$i])."'>$table_name</a></div>" : "");
 }
 if($table_menu_row){
  $table_menu="
  <div class='menu_item'>
  $table_menu_row
  </div>";
 }
 //end table list
 return $table_menu;
}

function admin_login(){
global $vars;
$db=$vars["db"];

if($_POST["do_login"]){
 /*##### FORM POST #####*/
 $posting=1;
 $temp=get_post();
 $post_a=$temp["post_a"];
 $post_s=$temp["post_s"];
 $post_d=$temp["post_d"];
 /*##### END FORM POST #####*/

 if(!$r=mysql_query("select * from $db->admin where username='$post_d[username]'")) {
  $errmsg.='Invalid Login.<br />';
 }else{
  if(@mysql_num_rows($r)){
   $ra=mysql_fetch_array($r);
   if($ra["username"]==$post_s["username"]){
    if(!$vars["admin_enc_login"]){
     if($ra["password"]==$post_s["password"]){
      $login_ok = true;
     }
    }else{
     $db_pass = explode(":", $ra["enc_password"]);
     $salt = $db_pass[1];
     if(md5($post_s["password"].$salt) == $db_pass[0]){
      $login_ok = true;
     }
    }
    if($login_ok){
     mysql_query("update $db->admin set last_login2=last_login, last_login='".ndate()."' where id='$ra[id]' limit 1");
     $_SESSION["aid"]=$ra["id"];     $_SESSION["aname"]=$ra["name"];
     encrypt_admin_login_sess_cookie($post_s["username"], $ra["enc_password"], $vars["admin_enc_login"]);
    }
   }else{
    $errmsg.="Invalid Login.<br />\n";
   }
  }else{
   $errmsg.="Invalid Login.<br />\n";
  }
 }

 $errmsg=$errmsg? format_err($errmsg) : "";
}

$login_form="
<center>
".($errmsg? "<div class='admin_login_err'>$errmsg</div>" : "")."
<form name='login' method='post' action='$vars[this_file]".($_SERVER["QUERY_STRING"]? "?$_SERVER[QUERY_STRING]" : "")."'>
<input type='hidden' name='do_login' value='1' />
<table class='admin_login'>
 <tr class='header'>
  <td colspan='2'>$vars[title] Admin Login</td>
 </tr>
 <tr>
  <td>Login:</td>
  <td><input type='text' name='username' class='inputbox'></td>
 </tr>
 <tr>
  <td>Password:</td>
  <td><input type='password' name='password' class='inputbox'></td>
 </tr>
 <tr><td height='50' align='center' colspan='2'><input type='submit' value='Login' class='button'></td></tr>
</table>
</form>
</center>
<script type='text/javascript'>
document.login.username.focus();
</script>";

if(!$login_ok){
 print format_admin_login_page($login_form, "$vars[title] Administrator Login");
}
return $login_ok;
}

function format_admin_page($content, $title, $head_info="", $gzip=true){
global $vars;
$tpl="<html>
<head>
<title><%title%></title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=$vars[charset]\" />
<%head_info%>
<link rel='stylesheet' href='admin.css' type='text/css' />
<link rel='stylesheet' href='".TEMPLATE_URL."/$vars[template]/common.css' type='text/css' />
</head>

<body>
<table class='admin_container'>
 <tr>
  <td width='200'><div class='menu'><%menu%></div></td>
  <td><div class='admin_content'><%content%></div></td>
 </tr>
</table>
</body>
</html>";

$pv=get_admin_privilege($_SESSION["aid"]);
$task_menu=get_admin_menu($pv);
$db_menu=get_admin_db_menu($pv);
$menu="$task_menu".($db_menu? "<p class='bold'>Database</p>$db_menu" : "");
$page=replace_tag($tpl, array(
"<%title%>"=>$title,
"<%head_info%>"=>$head_info,
"<%menu%>"=>$menu,
"<%content%>"=>$content));

if(!headers_sent()){
 header("Content-Type:text/html; charset=$vars[charset]");
 $encodings=array();
 if (isset($_SERVER['HTTP_ACCEPT_ENCODING']))
  $encodings = explode(',', strtolower(preg_replace("/\s+/", "", $_SERVER['HTTP_ACCEPT_ENCODING'])));

 if ((in_array('gzip', $encodings) || in_array('x-gzip', $encodings) || isset($_SERVER['---------------'])) && function_exists('ob_gzhandler') && !ini_get('zlib.output_compression')) {
  $enc = in_array('x-gzip', $encodings) ? "x-gzip" : "gzip";
 }
}

if($enc && $vars["gzip"] && $gzip && !headers_sent()){
 header("Vary: Accept-Encoding");  // Handle proxies
 header('Content-Encoding: '.$enc);
 header("Expires: " . date("r", time()-10000));
 $page = gzencode($page, 7, FORCE_GZIP);
}

return $page;
}

function format_admin_login_page($content, $title){
global $vars;
$tpl=
"<html>
<head>
<title>$title</title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=$vars[charset]\" />
<link rel='stylesheet' href='admin.css' type='text/css' />
<link rel='stylesheet' href='". TEMPLATE_URL ."/$vars[template]/common.css' type='text/css' />
</head>

<body class='admin_login_body'>
$content
</body>
</html>";

return $tpl;
}
?>